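// public
/// <summary>
/// Runs a filtered, ordered and paged query for the service named by
/// <paramref name="serviceName"/> on behalf of <paramref name="user"/>.
/// </summary>
/// <typeparam name="T">Entity type handed to <c>DbUtils.Find</c>.</typeparam>
/// <param name="user">Authenticated caller; cast to <c>LoginResponse</c> for scoping.</param>
/// <param name="uriInfo">Incoming request; only its query string is read.</param>
/// <param name="entityManager">Database context used for the query.</param>
/// <param name="serviceName">Service (entity) name; key into <c>RequestFilter.mapClass</c>.</param>
/// <returns>
/// 200 with the result set, or 400 when a paging parameter is not a non-negative
/// integer, a typed filter parameter is malformed, or the query itself fails.
/// </returns>
static public Task<ActionResult> ProcessQuery<T>(IIdentity user, HttpRequest uriInfo, DbContext entityManager, String serviceName) where T : class
{
    IQueryCollection queryParameters = uriInfo.Query;

    // Filters are built from the primary-key query parameters plus the caller's
    // crudGroup/crudGroupOwner scope. A malformed typed parameter surfaces from
    // the parser as FormatException/OverflowException (int.Parse/Boolean.Parse);
    // that is a client error, so answer 400 instead of letting it escape as 500.
    DbUtils.QueryMap fields;
    try
    {
        fields = RequestFilter.ParseQueryParameters((LoginResponse)user, serviceName, queryParameters);
    }
    catch (Exception e) when (e is FormatException || e is OverflowException)
    {
        return Task.FromResult<ActionResult>(Response.BadRequest("ProcessQuery.ParseQueryParameters : " + e.Message));
    }

    // Ordering comes from the service definition, never from the request.
    String[] orderBy = null;
    CrudService service = RequestFilter.GetService(user, serviceName);
    if (service.OrderBy != null)
    {
        orderBy = service.OrderBy.Split(',');
    }

    // "start" and "max" are client-supplied paging values; previously they went
    // straight through int.Parse, so any non-numeric value threw.
    int? startPosition;
    int? maxResult;
    if (!TryReadPagingParameter(queryParameters, "start", out startPosition))
    {
        return Task.FromResult<ActionResult>(Response.BadRequest("ProcessQuery : invalid 'start' parameter"));
    }
    if (!TryReadPagingParameter(queryParameters, "max", out maxResult))
    {
        return Task.FromResult<ActionResult>(Response.BadRequest("ProcessQuery : invalid 'max' parameter"));
    }

    Type entityClass = RequestFilter.mapClass[serviceName];
    return DbUtils.Find<T>(entityManager, entityClass, fields, orderBy, startPosition, maxResult).ContinueWith(taskResults =>
    {
        if (taskResults.Exception != null)
        {
            // NOTE(review): the raw exception text is returned to the client; it
            // may carry provider details (SQL fragments, column names). Prefer
            // logging it server-side and returning a generic message.
            return Response.BadRequest("ProcessQuery.Find : " + taskResults.Exception.Message);
        }
        ActionResult response = Response.Ok(taskResults.Result);
        return response;
    });
}

/// <summary>
/// Reads an optional paging parameter from the query string.
/// </summary>
/// <param name="queryParameters">Request query collection.</param>
/// <param name="name">Parameter name ("start" or "max").</param>
/// <param name="value">
/// The parsed value, or <c>null</c> when the parameter is absent or given more
/// than once (the original "exactly one value" rule is preserved).
/// </param>
/// <returns><c>false</c> when the parameter is present but not a non-negative integer.</returns>
static private bool TryReadPagingParameter(IQueryCollection queryParameters, String name, out int? value)
{
    value = null;
    StringValues raw = queryParameters[name];
    if (raw.Count != 1)
    {
        return true;
    }
    int parsed;
    // Invariant culture: this is a machine-readable offset/limit, not user-facing text.
    if (!int.TryParse(raw[0], NumberStyles.Integer, CultureInfo.InvariantCulture, out parsed) || parsed < 0)
    {
        return false;
    }
    value = parsed;
    return true;
}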
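// private
/// <summary>
/// Builds the filter map for a query from the request's query string and the
/// caller's tenancy scope.
/// </summary>
/// <param name="login">Authenticated caller; supplies CrudGroupOwner and groups.</param>
/// <param name="serviceName">Service whose field metadata (JSON) drives the parsing.</param>
/// <param name="queryParameters">Request query collection.</param>
/// <returns>
/// A <c>DbUtils.QueryMap</c> holding one entry per primary-key field present in
/// the query, typed per the field's "type" ("s"/absent: string, "n"/"i": int,
/// "b": bool), plus the crudGroupOwner/crudGroup scope for non-admin callers.
/// </returns>
/// <exception cref="FormatException">
/// A typed ("n", "i" or "b") filter value is not a valid integer/boolean.
/// </exception>
static private DbUtils.QueryMap ParseQueryParameters(LoginResponse login, String serviceName, IQueryCollection queryParameters)
{
    CrudService service = RequestFilter.GetService(login, serviceName);
    DbUtils.QueryMap queryFields = DbUtils.QueryMap.Create();
    JObject serviceFields = JObject.Parse(service.Fields);

    // Only fields the service marks as primaryKey may be used as filters; any
    // other query parameter is ignored.
    foreach (var item in serviceFields)
    {
        JToken field = item.Value;
        if (field.Value<Boolean>("primaryKey") != true)
        {
            continue;
        }
        StringValues values = queryParameters[item.Key];
        if (values.Count == 0)
        {
            continue;
        }

        // Only the first value of a repeated parameter is considered.
        String raw = values.First();
        String type = field.Value<String>("type");
        if (type == null || type.Equals("s"))
        {
            queryFields.Add(item.Key, raw);
        }
        else if (type.Equals("n") || type.Equals("i"))
        {
            // Client input: reject with a message naming the field instead of the
            // generic int.Parse failure (the value itself is not echoed back).
            int number;
            if (!int.TryParse(raw, NumberStyles.Integer, CultureInfo.InvariantCulture, out number))
            {
                throw new FormatException("ParseQueryParameters : parameter '" + item.Key + "' must be an integer");
            }
            queryFields.Add(item.Key, number);
        }
        else if (type.Equals("b"))
        {
            bool flag;
            if (!Boolean.TryParse(raw, out flag))
            {
                throw new FormatException("ParseQueryParameters : parameter '" + item.Key + "' must be a boolean");
            }
            queryFields.Add(item.Key, flag);
        }
    }

    // If the caller is not an admin (CrudGroupOwner == 1), restrict the results
    // to the crudGroups tied to the caller's company: scope by crudGroupOwner
    // when the entity has that field, otherwise by the caller's groups. The
    // indexer assignment runs after the loop, so a client-supplied value for
    // these keys cannot replace the server-side scope. A null CrudGroupOwner
    // is treated as non-admin here.
    int? crudGroupOwner = login.user.CrudGroupOwner;
    if (crudGroupOwner != 1)
    {
        if (serviceFields.ContainsKey("crudGroupOwner"))
        {
            queryFields["crudGroupOwner"] = crudGroupOwner;
        }
        else if (serviceFields.ContainsKey("crudGroup"))
        {
            queryFields["crudGroup"] = login.groups;
        }
    }
    return queryFields;
}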
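// private to create,update,delete,read
/// <summary>
/// Verifies that <paramref name="user"/> may act on <paramref name="obj"/> under
/// the tenancy rules of the service named by <paramref name="serviceName"/>.
/// </summary>
/// <param name="user">Authenticated caller; cast to <c>LoginResponse</c>.</param>
/// <param name="serviceName">Service whose field metadata (JSON) declares crudGroupOwner/crudGroup.</param>
/// <param name="obj">Entity instance; its CrudGroupOwner/CrudGroup are read via reflection.</param>
/// <returns>
/// <c>null</c> when access is allowed (the caller may then proceed), otherwise
/// an Unauthorized result. As a side effect, an entity with a null
/// CrudGroupOwner is assigned the caller's CrudGroupOwner.
/// </returns>
/// <exception cref="InvalidOperationException">
/// The service metadata declares a field the entity type does not expose.
/// </exception>
static private ActionResult CheckObjectAccess(IIdentity user, String serviceName, Object obj)
{
    CrudService service;
    try
    {
        service = RequestFilter.GetService(user, serviceName);
    }
    catch (Exception e)
    {
        // Any failure to resolve the service for this caller is a denial; note
        // that the exception text is returned to the client as-is.
        return Response.Unauthorized(e.Message);
    }

    LoginResponse login = (LoginResponse)user;
    JObject serviceFields = JObject.Parse(service.Fields);
    int? userCrudGroupOwner = login.user.CrudGroupOwner;

    // NOTE(review): the query filter (ParseQueryParameters) treats every
    // CrudGroupOwner other than 1 as non-admin, whereas this check only runs for
    // owners > 1 — a null or 0 owner is not scoped here. Confirm this is intended.
    bool scoped = userCrudGroupOwner > 1 && serviceFields.ContainsKey("crudGroupOwner");
    if (!scoped)
    {
        return null;
    }

    PropertyInfo ownerProperty = RequireProperty(obj, "CrudGroupOwner");
    int? objCrudGroupOwner = (int?)ownerProperty.GetValue(obj);
    if (objCrudGroupOwner == null)
    {
        // An entity without an owner is claimed for the caller's company.
        ownerProperty.SetValue(obj, userCrudGroupOwner);
        objCrudGroupOwner = userCrudGroupOwner;
    }
    if (objCrudGroupOwner != userCrudGroupOwner)
    {
        return Response.Unauthorized("unauthorized object crudGroupOwner");
    }

    if (serviceFields.ContainsKey("crudGroup"))
    {
        Object crudGroupValue = RequireProperty(obj, "CrudGroup").GetValue(obj);
        // A missing crudGroup cannot be matched against the caller's groups, so
        // it is refused rather than failing on the unboxing cast.
        if (crudGroupValue == null || login.groups.IndexOf((int)crudGroupValue) < 0)
        {
            return Response.Unauthorized("unauthorized object crudGroup");
        }
    }
    return null;
}

/// <summary>
/// Resolves a public property of <paramref name="obj"/> by name, failing with a
/// descriptive error when the entity type does not match the service's field
/// metadata (instead of dereferencing a null <c>PropertyInfo</c>).
/// </summary>
/// <param name="obj">Entity instance.</param>
/// <param name="propertyName">CLR property name to look up.</param>
/// <returns>The property; never <c>null</c>.</returns>
/// <exception cref="InvalidOperationException">The property does not exist.</exception>
static private PropertyInfo RequireProperty(Object obj, String propertyName)
{
    PropertyInfo property = obj.GetType().GetProperty(propertyName);
    if (property == null)
    {
        throw new InvalidOperationException(obj.GetType().Name + " has no property '" + propertyName + "'");
    }
    return property;
}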